IoT solutions provide an opportunity to collect a vast amount of identifiable data (Atzori et al., 2010) with a variety of embedded sensors (Lee & Lee, 2015), delivered to the users in a readable form via internet. While individuals should be able control what identifiable data is collected from their actions, it can become impossible to independently ensure personal privacy in the often complex IoT environment (Atzori et al. 2010), where the border between personal and non-personal is prone to become unclear (Oriwoh et al., 2013). Consequently, as proposed by Baldini et al. (2018), the concept of privacy should be revisited in IoT due to the rapidly growing amount of data, whose nature in terms of personal privacy has already become difficult to define. Our aim is to help filling this research gap by including the pivotal privacy issues in an IoT-specific ethical framework, whose purpose will be to aid companies and individuals to prevent or correct the possible ethical conflicts connected to their approach towards IoT deployment. The final framework will cover six issue categories found relevant in the IoT context: privacy, accuracy, property, accessibility, motivation and security.

Considering the employees' often limited abilities to independently control their data privacy (x), we emphasize the importance of addressing the ethical responsibilities of managerial level actors. However, in some cases even the management may not be able to thoroughly understand or control the data collection and processing mechanics, nor the organization's responsibilities towards their employees. Thus, our goal is to help the organizations using IoT to understand and prevent potential ethical issues by developing a practical framework for people developing and implementing IoT ecosystems in organisational settings.

The framework is based on the Mason's notions about the ethical issues of information age (Mason, 1986) and preliminary investigations of the ethical issues of IoT in small and medium-sized enterprises (Vermanen et al., 2019). In this short paper, we focus on the privacy issues and some of the critical privacy questions associated with the IoT-based data collection, that should be implemented in the practical framework. Our initial idea of the framework (Vermanen et al., 2019) is constructed from questions that should be considered. However, there still is a need to consider the ethical issues in more depth in order to provide a functional tool for the practitioners. After considering multitude of approaches we agreed upon a technical solution in simple form of survey. In this paper we present the part considering privacy. Mason (1986) described the growth of information technology and the increased value of information in decision-making as the two main forces threatening our privacy. These aspects are widely present in the rapidly growing IoT technology, whose benefits rely heavily on collected data. Mason also claimed that the central issues caused by the growth of technology are the enhanced capacity for surveillance, communication, computation, storage and retrieval, which maintain their relevancy in the modern IoT solutions as well. However, as stated by Woodward et al. (2011), the purpose of Mason's essay was to ignite discussion on the ethical issues rather than specifically defining them as theoretical constructs.

Mason opened the discussion on privacy issues with three central questions: "What information should one be required to divulge about one's self to others? Under what conditions? What information should one be able to keep strictly to one's self?" The survey introduced in this paper will consider these questions as follows:

What information should one be required to divulge about one's self to others? What information should one be able to keep strictly to one's self?

The investigation of this topic will be divided into two main categories: the collection of data and the distribution of data. The analysis of both categories will be again divided between anonymous and identifiable data to investigate both the respondents' overall principles regarding data collection and their personally involved views.

• Under what conditions information can be collected and shared?

The respondents' views on the mentioned perspectives will be examined based on the following definitions: whether, when, how, by whom and to whom the data can be collected and distributed. These definitions are expected to cover the majority of aspects relevant to the collection and distribution of both anonymous and identifiable data. The survey will deploy a 7-point Likert scale ranging from 'Strongly agree' to 'Strongly disagree'. It will be delivered to 50 SMEs currently utilising IoT. Within these companies, the survey will be targeted towards individuals representing both employee and manager status to gain insight from the potential conflicts between different organizational hierarchy levels. Finally, the survey results are expected to enable us to verify the most pivotal privacy issues which should be added to final ethical IoT framework.